©2012 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved.
The Risks of New Threats
May 2014
DDoS Attacks
DDoS Timeline—Summary Graph (source: Radware, 2011; the graph plots attack risk against time from 2001 to 2012)

The graph groups attacks into eras by motive: worms (vandalism and publicity), botnets (financially motivated), blended motives, and hacktivism. Events as labelled on the graph, in order of year:

• 2001: CodeRed; Nimda (installed Trojan)
• 2003: Slammer (attacking Microsoft SQL Server hosts); Blaster
• 2004: Republican website DoS
• 2007: Storm (botnet); Srizbi (botnet); Rustock (botnet); Estonia's web sites DoS
• Agobot (DoS botnet; no year given on the graph)
• 2008: Georgia web sites DoS
• 2009: Kracken (botnet); Google / Twitter attacks; cyber attacks on US & Korea (July 2009)
• 2010: IMDDOS (botnet); Operation Payback (Dec 2010)
• Mar 2011: Wordpress.com DDoS; Codero DDoS / Twitter Israeli sites; Netbot DDoS; Operation Payback II
• 2012: LulzSec (Sony, CIA, FBI, Peru, Chile)

The slide's conclusion: DDoS attacks are gaining momentum, moving from worms to botnet-driven DDoS to blended attacks.
DDoS Attack by Types (pie chart; image not recoverable): the chart splits attacks into network-layer attacks (for example TCP SYN flood) and application-layer attacks, with the note that more attacks are targeted at the application layer.
Layer 7 DoS Attacks

• Allowed traffic: legitimate-looking traffic at low bandwidth
• Attack vectors: exploiting the TCP protocol, partial HTTP requests, recursive DNS spoofing, application exploits, and more
• Hidden sources: use of TOR, use of proxies, use of botnets
• Attack damage (column heading on the slide; no items were extracted)
Attackers Use Multi-Layer DDoS

Simultaneous attack vectors:
• Large-volume network flood attacks
• SYN flood attack
• Web attacks: brute-force logins (locking out accounts)
• Application vulnerability
• "Low and slow" DoS attacks (e.g., Sockstress)
• High and slow application DoS attacks

1 successful attack vector = no service
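The "low and slow" vector above and the partial-HTTP-request vector on the Layer 7 slide both exhaust server connection slots with trickled, incomplete requests rather than with bandwidth. The following is an added example, not Check Point or Radware code, of how two firewall-side controls this deck names (lower stateful inspection timers and a per-source connection quota) decide which connections to drop. The class names, the thresholds, the trace format and the trace itself are assumptions made for the example.

```python
"""Detecting "low and slow" partial-HTTP-request DoS in a connection event trace.

Added example, not Check Point or Radware code.  It models a header-completion
deadline (a lowered stateful timer) and a per-source concurrent-connection
quota, and replays them over a constructed trace.  Names, thresholds and the
trace format are assumptions.
"""
from dataclasses import dataclass

HEADER_DEADLINE_S = 10.0   # assumption: request headers must complete within 10 s
PER_SOURCE_QUOTA = 3       # assumption: at most 3 concurrent connections per source IP


@dataclass
class Conn:
    src: str
    opened_at: float
    buf: bytes = b""

    @property
    def headers_complete(self) -> bool:
        # HTTP/1.x headers end with an empty line.
        return b"\r\n\r\n" in self.buf


class SlowRequestGuard:
    """Tracks open connections and drops the ones that never finish their headers."""

    def __init__(self, deadline=HEADER_DEADLINE_S, quota=PER_SOURCE_QUOTA):
        self.deadline = deadline
        self.quota = quota
        self.conns = {}          # conn id -> Conn
        self.dropped = []        # (conn id, src, reason)
        self.completed = []      # conn ids handed to the application

    def on_open(self, cid: int, src: str, now: float) -> bool:
        self._expire(now)
        active = sum(1 for c in self.conns.values() if c.src == src)
        if active >= self.quota:                      # network quota per source IP
            self.dropped.append((cid, src, "quota"))
            return False
        self.conns[cid] = Conn(src, now)
        return True

    def on_data(self, cid: int, payload: bytes, now: float) -> None:
        self._expire(now)
        conn = self.conns.get(cid)
        if conn is None:
            return                                    # already dropped or completed
        conn.buf += payload
        if conn.headers_complete:
            self.completed.append(cid)
            del self.conns[cid]                       # request is whole: hand it off

    def _expire(self, now: float) -> None:
        # Lowered stateful timer: headers still incomplete at the deadline -> drop.
        for cid, conn in list(self.conns.items()):
            if now - conn.opened_at > self.deadline:
                self.dropped.append((cid, conn.src, "slow-headers"))
                del self.conns[cid]


def run_trace(events, **kw):
    """Replay (t, kind, cid, src_or_payload) events; return (completed, dropped)."""
    guard = SlowRequestGuard(**kw)
    for t, kind, cid, arg in sorted(events, key=lambda e: e[0]):
        if kind == "open":
            guard.on_open(cid, arg, t)
        else:
            guard.on_data(cid, arg, t)
    guard._expire(max(e[0] for e in events))
    return guard.completed, guard.dropped


# Constructed trace: one normal client, and one Slowloris-style attacker that opens
# five connections and drips one header line every 9 s without ever sending the
# blank line that ends the headers.
SAMPLE_TRACE = [
    (0.0, "open", 1, "192.0.2.10"),
    (0.1, "data", 1, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
]
for i, cid in enumerate(range(2, 7)):
    SAMPLE_TRACE.append((0.5 + i * 0.01, "open", cid, "198.51.100.7"))
    SAMPLE_TRACE.append((0.6 + i * 0.01, "data", cid, b"GET / HTTP/1.1\r\n"))
    for k in range(1, 4):
        SAMPLE_TRACE.append((0.6 + i * 0.01 + 9.0 * k, "data", cid, f"X-a{k}: b\r\n".encode()))

if __name__ == "__main__":
    done, dropped = run_trace(SAMPLE_TRACE)
    print("completed:", done)
    for cid, src, why in dropped:
        print(f"dropped conn {cid} from {src}: {why}")
```

On the sample trace the quota rejects the attacker's fourth and fifth connections at open time, and the deadline drops the first three once they have been open for more than 10 seconds, while the normal client completes in 0.1 s. The caveat a practitioner should keep in mind is the one the "Traditional Firewalls Not Sufficient" slide makes: a deadline this low also drops genuinely slow clients, so the value has to be tuned to the protected application rather than set globally.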
DDoS and Traditional Security

Attackers take advantage of traditional security:
• Routers may be affected before firewalls
• Firewalls track the state of network connections (can be a bottleneck)
• Firewalls allow legitimate traffic (e.g. port 80 to the web server)
• IPS allows legitimate requests (e.g. a well-formed "GET / HTTP/1.0\r\n" request)
• Application Control allows legitimate services (DNS or HTTPS)
Traditional Firewalls Not Sufficient

Not designed for network and application DDoS protection:
• Basic rate-based flood protection affects all traffic (real users and attack traffic alike)
• Lacks comprehensive Layer 7 DDoS protection
  – Poor detection of stealthy attacks
  – No filters to block attacks and allow real traffic
  – Administrators cannot create custom signatures
What Software Blades Can Do

• Firewall configurations: network access control
  – Aggressive aging: protection against connection-consuming attacks
  – Network quota: limit the number of connections by source IP
  – ICMP/UDP perimeter and initial drop rules: drop early in the policy
  – Lower Stateful Inspection timers: defense against slow attacks
• IPS configurations: proactive intrusion prevention
  – Geo protection: rules to block by country and direction of traffic
  – Worm catcher signature: block known worms (HTTP and CIFS)
  – TCP window size enforcement: against small-TCP-window and flood attacks
  – SYN flood protection: cookie-based validation
  – HTTP flooding: rate-based blocking
• SmartEvent and SmartLog: improved visibility and forensics
Block Denial of Service Attacks within seconds!
Introducing Check Point DDoS Protector™
Check Point DDoS Protector

• Flexible deployment options
• Customized multi-layered DDoS protection
• Fast response time: protect within seconds
• Integrated with Check Point security management
Product Information

Model                                DP 506   DP 1006   DP 2006   DP 3006   DP 4412   DP 8412   DP 12412
Capacity                             0.5Gbps  1Gbps     2Gbps     3Gbps     4Gbps     8Gbps     12Gbps
Max concurrent sessions              2 Million (DP 506 to DP 3006)          4 Million (DP 4412 to DP 12412)
Max DDoS flood attack protection     1 Million packets per second           10 Million packets per second
  rate
Latency                              <60 microseconds (all models)
Real-time signatures                 Detect and protect against attacks in less than 18 seconds (all models)

(The sessions and flood-rate rows are merged cells in the original; the split between the DP x06 and DP x412 models follows the column layout.)
DDoS Attack Information

• Network flood: high volume of packets
• Server flood: high rate of new sessions
• Application: web / DNS connection-based attacks
• Low & slow attacks: advanced attack techniques
Multi-Layer DDoS Protection

Attack classes (as on the previous slide): network flood (high volume of packets); server flood (high rate of new sessions); application (web / DNS connection-based attacks); low & slow attacks (advanced attack techniques).

Protection mechanisms:
• Behavioral network analysis
• Stateless and behavioral engines
• Automatic and pre-defined signatures
• Protections against misuse of resources
• Behavioral HTTP and DNS
• Challenge / response mitigation methods
• Granular custom filters: create filters that block attacks and allow users
Flexible Deployment Options

• Low maintenance and support
• Optional learning-mode deployment
• Fits the existing network topology
• Ready to protect in minutes
Deployment Locations

On-premise deployment (DDoS security appliance in the customer network), off-site deployment (DDoS security appliance outside the protected network), or both; the slide shows these as scenarios 1, 2 and 3. The appliance is a transparent network device that easily fits into the existing network topology (layer 2 bridge).
Simple Deployment

Ready to protect any size network in minutes:
1. Plug it in: no network address changes (layer 2 bridge)
2. Let it learn: baseline good network and application behavior
3. Protected by signatures: signatures are ready to protect
Zero Day & APTs
WOULD YOU OPEN THIS ATTACHMENT?
TARGETED ATTACKS BEGIN WITH ZERO-DAY EXPLOITS

Headline quoted on the slide: "Duqu Worm Causing Collateral Damage in a Silent Cyber-War", a worm exploiting zero-day vulnerabilities in a Word document.
Exploiting Zero-day Vulnerabilities

New vulnerabilities, countless new variants: "nearly 200,000 new malware samples appear around the world each day" (net-security.org, June 2013).
WHAT ABOUT NEW ATTACKS?

Check Point multi-layered threat prevention:
• IPS: stops exploits of known vulnerabilities
• Anti-Bot: detects and prevents bot damage
• Antivirus: blocks download of malware-infested files
Check Point introducing the Check Point ThreatCloud Emulation Service: PREVENTION OF ZERO-DAY ATTACKS!
Stop undiscovered attacks with Check Point Threat Emulation: INSPECT FILE, EMULATE, PREVENT, SHARE
INSPECT
• Identify files in email attachments and downloads over the web (exe files, PDF and Office documents)
• Send the file to a virtual sandbox
• Requires no infrastructure change or adding devices
EMULATE
• Open the file and monitor abnormal behavior
• Emulating multi-OS environments: Windows 7, 8, XP and user-customized images
• Monitored behavior: file system, system registry, network connections, system processes
Emulation @ Work: "A standard CV?"

The slides walk through emulation of a CV document and group what is observed by category:
• File system activity: abnormal file activity
• System registry: tampered system registry
• System processes: "naive" processes created
• Network connections: remote connection to command & control sites
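The four observation categories above only become a verdict once they are tied together: a document handler that spawns a process, which drops an executable, runs it, installs persistence and then calls out is the pattern of a weaponized CV, whereas any one of those events alone can be benign. The following is an added example, not Check Point's Threat Emulation logic, of a verdict engine that correlates sandbox events by process lineage. The event format, the rule set, the thresholds and both traces are assumptions constructed for the example.

```python
"""Deriving a verdict from sandbox (emulation) events of the kinds the slides
monitor: file system, system registry, system processes, network connections.

Added example, not Check Point's Threat Emulation logic.  Events are correlated
by process lineage so that a single benign-looking action (a temp file, a
registry write) is not enough on its own, while the chain a weaponized CV
produces is.  Event format, rules, thresholds and the traces are assumptions.
"""
import ntpath

DOC_HANDLERS = {"winword.exe", "excel.exe", "acrord32.exe"}        # assumption
RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\run"     # also matches RunOnce
EXEC_EXT = (".exe", ".dll", ".scr")


def analyze(events):
    """Return (verdict, reasons); reasons are (category, detail) pairs."""
    parent, image, dropped, reasons = {}, {}, set(), []

    def from_document(pid):
        # True if some ancestor of pid is a document handler (Word, Excel, Reader).
        while pid in parent:
            pid = parent[pid]
            if image.get(pid) in DOC_HANDLERS:
                return True
        return False

    for ev in events:
        pid = ev["pid"]
        if ev["type"] == "process":
            parent[pid], image[pid] = ev["ppid"], ntpath.basename(ev["image"]).lower()
            if image.get(ev["ppid"]) in DOC_HANDLERS:
                reasons.append(("spawn", f"{image[ev['ppid']]} spawned {image[pid]} (pid {pid})"))
            if ev["image"].lower() in dropped and from_document(pid):
                reasons.append(("exec", f"executed dropped file {ev['image']}"))
        elif ev["type"] == "file":
            path = ev["path"].lower()
            if ev["op"] == "write" and path.endswith(EXEC_EXT) and from_document(pid):
                dropped.add(path)
                reasons.append(("drop", f"{image[pid]} wrote executable {ev['path']}"))
        elif ev["type"] == "registry":
            if ev["op"] == "set" and RUN_KEY in ev["key"].lower() and from_document(pid):
                reasons.append(("persist", f"{image[pid]} set {ev['key']}\\{ev['value']}"))
        elif ev["type"] == "network":
            if from_document(pid) or image.get(pid) in DOC_HANDLERS:
                reasons.append(("c2", f"{image.get(pid)} connected to {ev['dst']}:{ev['port']}"))

    cats = {c for c, _ in reasons}
    if "exec" in cats or len(cats) >= 2:       # running a dropped file, or two categories
        return "malicious", reasons
    return ("suspicious" if cats else "benign"), reasons


# Constructed traces (not real telemetry).  The malicious one mirrors the chain on the
# "Emulation @ Work" slides: abnormal file activity, tampered registry, a naive process
# created, and a connection to a command & control site.
MALICIOUS_CV = [
    {"type": "process", "pid": 100, "ppid": 1, "image": "C:\\Windows\\explorer.exe"},
    {"type": "process", "pid": 200, "ppid": 100, "image": "C:\\Program Files\\Microsoft Office\\WINWORD.EXE"},
    {"type": "file", "pid": 200, "op": "read", "path": "C:\\Users\\u\\Downloads\\CV_John_Smith.doc"},
    {"type": "process", "pid": 300, "ppid": 200, "image": "C:\\Windows\\System32\\cmd.exe"},
    {"type": "file", "pid": 300, "op": "write", "path": "C:\\Users\\u\\AppData\\Local\\Temp\\svchost.exe"},
    {"type": "process", "pid": 400, "ppid": 300, "image": "C:\\Users\\u\\AppData\\Local\\Temp\\svchost.exe"},
    {"type": "registry", "pid": 400, "op": "set",
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "Updater"},
    {"type": "network", "pid": 400, "dst": "203.0.113.44", "port": 8080},
]
BENIGN_CV = [
    {"type": "process", "pid": 100, "ppid": 1, "image": "C:\\Windows\\explorer.exe"},
    {"type": "process", "pid": 200, "ppid": 100, "image": "C:\\Program Files\\Microsoft Office\\WINWORD.EXE"},
    {"type": "file", "pid": 200, "op": "read", "path": "C:\\Users\\u\\Downloads\\CV_Jane_Doe.doc"},
    {"type": "file", "pid": 200, "op": "write", "path": "C:\\Users\\u\\Downloads\\~$CV_Jane_Doe.doc"},
    {"type": "registry", "pid": 200, "op": "set",
     "key": "HKCU\\Software\\Microsoft\\Office\\14.0\\Word\\File MRU", "value": "Item 1"},
]

if __name__ == "__main__":
    for name, trace in (("malicious CV", MALICIOUS_CV), ("benign CV", BENIGN_CV)):
        verdict, why = analyze(trace)
        print(f"{name}: {verdict}")
        for cat, detail in why:
            print(f"  [{cat}] {detail}")
```

Word's own lock file and MRU write in the benign trace produce no findings because they are neither an executable drop nor a Run-key write, which is the point of keying the rules on lineage and on what was written rather than on "any file or registry activity".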
PREVENT: inline stopping of malicious files on any Security Gateway
SHARE: immediate update of all gateways
Stop undiscovered attacks with the ThreatCloud Emulation Service: INSPECT FILE, EMULATE, PREVENT, SHARE
Real Life Example

A new exploit variant of a known vulnerability (CVE-2012-0158) that installs a bot agent, opens network ports for bot communication, and steals user credentials. Threat Emulation prevented 140 phishing emails targeting 4 customers in 2 days.
Most Accurate and Fastest Prevention
• Optimize analysis by inspecting only files at risk
• Zero false positives in document emulation
THREAT EMULATION with ongoing innovation
ThreatCloud Emulation Service: a single global solution for the entire organization. The diagram shows headquarters and branch gateways, plus an agent for the Exchange server, all sending files to the ThreatCloud Emulation Service.
Threat Emulation Private Cloud Appliance: Specifications

                                        Smaller appliance   Larger appliance
Recommended # of file scans per month   250,000             1,000,000
Recommended # of users                  1,700               7,000
Throughput (Mbps)                       691                 2,032

(The two appliance models are not named on the slide.)

Multiple deployment options: inline, Mail Transfer Agent, tap
ThreatCloud Emulation Service Advantages
• Cloud-based service: works with your existing infrastructure; no need to install new equipment
• Control expenses with manageable, lower monthly costs
• Organizations can choose from 5 subscription options for global file inspections, starting at 10,000 files per month and up
Anyone can submit files for THREAT EMULATION: threats@checkpoint.com, threatemulation.checkpoint.com
Check Point Threat Prevention Solution: multi-layered protection against all incoming cyber threats
Top Reasons Customers Pick Check Point Threat Emulation
• Works with your existing infrastructure; no need to install any new equipment
• A complete threat prevention solution for known and unknown threats
Compliance Software Blade
REVOLUTIONIZING SECURITY & COMPLIANCE
Agenda
1. Market Background
2. Compliance Software Blade
3. Extending GRC with easy2comply
4. Compliance Customer Stories
5. Summary
[Restricted] ONLY for designated groups and individuals
As Security Pressures Grow…
… and Regulatory Compliance Needs Increase: more regulations, more frequent, more complex
Compliance Software Blade
Presenting: Check Point's first integrated and fully automated Security & Compliance Monitoring
Security and Compliance Made Easy
Easy Installation: up and running within 2 mouse clicks
Fully Integrated Management Blade
Library of Security Best Practices
360 Security Visibility
Detailed Security Analysis
Detailed Security Analysis
Complex regulatory requirements mapped to security best practices: ISO 27001, ISO 27002, PCI-DSS, GLBA, HIPAA, NIST 800-41, COBIT 4.1
Regulatory Compliance Monitoring: real-time assessment of major regulations across Check Point Software Blades
Out of the Box Audit Preparation
Real Time Security Alerts
Actionable Management
Summary

NOW IS THE TIME TO STREAMLINE SECURITY WITH REGULATORY COMPLIANCE
• Real-time security monitoring
• Compliance reporting
• Security alerts
• Complementary GRC solution

Thank You

Manage the risk of major threats


Editor's Notes

  • #16 The blade is responsible for 3 main activities: identifying bot-infected machines in the organization (most organizations today are unable to detect bot infections); preventing their damage by blocking bot communication to C&C sites, making sure no sensitive information can be stolen and sent out of the organization; and providing the organization with threat visibility to assess damage and decide on next steps (again, most organizations today have limited visibility into malware infections).
  • #21 Simple deployment: ready to protect any network in minutes! A transparent network device easily fits into the existing network topology (layer 2 bridge). It can also be deployed in Learning Mode to adjust the Behavioral Analysis Engine to the protected network and applications. Minimal maintenance after the initial configuration.
  • #22 There are 3 DDoS protection deployment types: on the customer premises, off-site, or both. On-premise solutions can have better response times and can be customized to each network. Off-site deployment helps with moving the problem away from the protected network, and fits when the attack is on bandwidth. A deployment of both types of solution can leverage the advantages of the two deployment options.
  • #24 High availability on DefensePro. To support high availability (HA), you can configure two compatible DefensePro devices to operate in a two-node cluster. To be compatible, both cluster members must be of the same platform, software version, software license, throughput license, and Radware signature file. One member of the cluster is the primary; the other member is the secondary. When you configure a cluster and commit the configuration, the newly specified primary device configures the required parameters on the secondary device.
    You can configure a DefensePro high-availability cluster in the following ways:
    – To configure the primary device of the cluster, the failover parameters, and the advanced parameters, use the High Availability pane (Configuration perspective > Setup > High Availability). When you specify the primary device, you specify the peer device, which becomes the secondary member of the cluster.
    – To configure only the basic parameters of a cluster (Cluster Name, Primary Device, and Associated Management Ports), use the Configuration perspective main navigation pane, System tab.
    The members of a cluster work in an active-passive architecture. When a cluster is created, the primary device becomes the active member, the secondary device becomes the passive member, and the primary device transfers the relevant configuration objects to the secondary device. A secondary device maintains its own configuration for the device users, IP interfaces, and routing. A primary device immediately transfers each relevant change to its secondary device. For example, after you make a change to a Network Protection policy, the primary device immediately transfers the change to the secondary device. However, if you change the list of device users on the primary device, the primary device transfers nothing (because the secondary device maintains its own list of device users). The passive device periodically synchronizes baselines for BDoS and HTTP Mitigator protections.
    The following situations trigger the active device and the passive device to switch states (active to passive and passive to active):
    – The passive device does not detect the active device according to the specified Heartbeat Timeout.
    – All links are identified as down on the active device according to the specified Link Down Timeout.
    – Optionally, the traffic to the active device falls below the specified Idle Line Threshold for the specified Idle Line Timeout.
    – You issue the Switch Over command. To switch the device states, in the Monitoring & Control perspective navigation pane, System tab, right-click the cluster node and then select Switch over.
    You can perform only the following actions on a secondary device: switch the device state (that is, switch over active to passive and passive to active); break the cluster if the primary device is unavailable; configure management IP addresses and routing; manage device users; download a device configuration; upload a signature file; download the device log file; download the support log file; reboot; shut down; change the device name; change the device time; and initiate a baseline synchronization if the device is passive, using the CLI or Web Based Management.
    Notes: In an existing cluster, you cannot change the role of a device (primary to secondary or vice versa). To change the role of a device, you need to break the cluster (that is, ungroup the two devices) and then reconfigure the cluster as you require. If the devices of a cluster belong to different sites, APSolute Vision creates the cluster node under the site where the primary device resides, and removes the secondary device from the site where it was configured. APSolute Vision issues an alert if the state of the device clusters is ambiguous, for example if there has been no trigger for switchover and both cluster members detect traffic; this state is normal during the initial synchronization process. There is no failback mechanism: there is only the automatic switchover action and the manual Switch Over command. When a passive device becomes active, any grace time resets to 0 (for example, the Graceful Startup Mode Startup Timer). You can monitor high-availability operation in the High Availability pane of the Monitoring & Control perspective. For more details, refer to the DefensePro User Guide.
  • #27 Have you ordered a product online and seen a product shipping email that looked like this? If you didn’t look closely, you might think it was legitimate. This attempt to deliver malware is not unusual. Around Valentine’s Day, infected e-cards were making the rounds. If you received a message with ValentineCard4you.zip and opened it, you would become infected with backdoor.trojan. --CK The Wall Street Journal stated that “Over 90% of targeted emails use malicious file attachments as the payload or infection source”.
  • #28 The attacks are especially dangerous when they leverage zero-day vulnerabilities. One example that leverages such vulnerabilities is Duqu. --CK Duqu, which some have named “son of Stuxnet”, used zero-day vulnerabilities in business documents such as MS Word files to compromise target Windows operating systems and harvest information. The tell-tale signs included process injection, downloading and installing additional software drivers, modifications to the registry, and contact with C&C servers using HTTP and HTTPS.
  • #29 What are zero-day attacks and why should we be concerned? These are attacks that have no known defenses. In 2012, there were over 200 new vulnerabilities in applications we use every day, and malware variants like SpyEye can be created with a click of a button. In the time I described this slide, someone could have created 60 malware variants. To put this in perspective, Dark Reading reported that up to 100,000 new malware samples are created each day. --CK If we are only using signature-based detections, how are security teams supposed to keep up with the new exploits and new malware? New challenges need new solutions. (Dark Reading, Oct 15, 2012)
  • #41 In May 2013 a customer noticed that a file was being detected as a zero-day attack. It was an email coming from Citibank, with the title “statement id”. The customer was expecting such an email from this bank, and did not understand why the system blocked it. After talking and providing this email to Check Point, our analysts detected this file as malicious: it exploited a vulnerability in MS Word, installed a bot agent and tried to communicate with a CnC. Threat Emulation detected and prevented this attack, which at this time was known only to 2 AV vendors in the entire industry (out of almost 50 AV vendors). The following week, the Threat Emulation system detected this exact same file at additional organizations running the system, and this time stopped it as it was shared with ThreatCloud.
  • #42 This discovery and prevention happens in 1 to 2 minutes. In case you’re worried that Threat Emulation might block good documents, or interrupt business access to key files… we have good news. --CK We use patent-pending technologies that have been proven to emulate over a quarter million files with zero false positives. --CK We built heuristics into file inspection (such as positive elimination of files) that ensure that only suspicious files are emulated, completing the process as fast as possible and optimizing performance.
  • #43 Threat Emulation is provided as a cloud service. Organizations can set up any gateway running R77 in their environment to inspect incoming files over email or web (HTTP & HTTPS). If the file is suspicious, the gateway will send the file to the Threat Emulation Cloud Service for emulation. The cloud service allows the organization to use a global quota of files that can be inspected, and any security gateway can send files for emulation. We are also introducing an Exchange Agent that can inspect incoming emails on the mail server and will send files for emulation in the cloud. The Exchange Agent allows organizations that don’t have Check Point gateways (or are not upgrading to R77) to inspect files.
  • #44 In addition to the cloud service, Check Point offers a local-emulation solution as an appliance. We will provide two dedicated appliances for threat emulation: a small solution and a larger one. Our appliances can be placed in several locations in the organization, such as inline, as a mail transfer agent or as a tap. This appliance can receive files from several or even all gateways in the organization and emulate them.
  • #46 And, for those of you who want to try it now, --CK you can try Threat Emulation in action by sending a file to the email shown, or uploading to the URL shown. --CK You will receive a report like the one I showed you a few moments ago. This is open to the public now, and I encourage you to try it and even let your customers try it to get a feel for the information summary and detail that we report to you.
  • #47 Threat Emulation is a new and important part of the Check Point multi-layer solution.
  • #53 We think it is time to find a way to simplify the work and connect security best practices with the regulatory requirements that apply to organizations.
  • #54 Today we present Check Point’s Compliance blade, which changes the way organizations manage compliance!